A very obvious mitigation to this and similar issues seem to be to forbid HTML in domain validation emails.
I don't see a reason not to do this and I totally expect that Comodo is not the only CA having such issues.